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JUSTIFICATION AUTHENTICATING SYSTEM, 
PERSONAL CERTIFICATE ISSUING SYSTEM, AND 
PERSONAL CERTIFICATE 



BACKGROUND OF THE INVENTION 



This mvention relates to a justification authenticating system, a personal 
certificate issuing system, and a personal certificate used in these systems. 

in general, personal certificates that include authentic images (of a card 
type or a book type), such as a credit card, cash card, membersh%) card, student 
identification card, employee ID card, passport, health insurance card, and license, 
have been widely used. In this specification, the "authentic image" signifies an 
image by which an individual is identified, such as a photographic hnage of a Skce, 
an hnage of a fingerprint, or an image of a pupiL 

However, mcidents are so firequently occurring m which a person who is 
not the owner of these personal certificates substitutes another authentic hnage for 
an authentic hnage of the owner, and thereby the person unjustly m^iersonates the 
true owner. This is a social problem. 

As a countermeasore agamst such counterfeiting, a technique for 
enOiedding a dighal watermark mto a facial photograph has been proposed (see 
Japanese Unexammed Patent Pubhcation No. Hei- 10-275203), the disclosure of 
winch is herein inckded by reference. Accordkg to the digital watermark method, 
deshed data is embedded into an authentic hnage, which is digital data, as 
watermark mformation so as to be indistmguishable to the eye, while permitting 
normal viewing of the authartic image. 
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In this technique, the justification of a personal certificate is judged in such 
a way that a digital watermark embedded in the personal certificate is accurately 
extracted by the aid of authentication equipnient (for exan^jle, a card reader). 

Here, it is supposed that, when a personal certificate is generally formed, 
the identifier of the owner of the certificate is "BBB", and information to be added 
is "AAA", md the digital watermark of "ABABAB" is embedded. 

In this case, the digital watermark is read fi-om an authentic image vAien. 
authenticated. Ifreadhigfeil, the identification isjudged to be unjustifiable. Even 
if the reading is successfiil, according to an opposite procedure to the procedure 
followed when embedded, as a result of exchiding the identifier "BBB" from the 
"ABABAB", the information "AAA" is separated. A judgment is then made as to 
whether or not the information is correct. As a result, if information is correct, it 
is judged to be justifiable, and, if not correct, it is judged to be unjustifiable. 

However, the above technique is at a disadvantage in tiiat, smce tiie 
justification is determined only by the data stored on the card, Msification is easily 
perpetrated if the algorithm for embedding a dighal watermark is leaked or 
revealed. For example, the iUegality of an ofBender B cannot be exposed even if 
the offender B who stole the credit card of a person A merely pastes a &cial 
photograph in which a digital watermark according to this algorithm is embedded 
on the facial photograph of the offender B, and the offender B skops with this 
credit card. Accordingly, the above technique cannot con^letely avoid problems 
about security. 

OBJECTS AND SUMMARY OF THE INVENTION 



It is an object of the present invention to provide a justification 
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authenticating system, a personal certificate issuing ^stem, and a personal 
certificate used in these systems, each having high security. 

Briefly stated, the present invention provides a justification/authentication 
personal certificate system vi?hich stores in a remote database a counterpart of an 
identifier and a digital watermark contained in the personal certificate. The 
personal certificate includes the digital watermark embedded in an authentic image 
such as a fecial photograph, a retinal scan, or a fingerprint. When the personal 
certificate is used, the authentic image is read fi-om the personal certificate, and the 
digital watermark information is extracted. The digital watermark information and 
the identifier are compared with the counterparts stored in the database. If the 
extracted digital watermark information is identical to the information in the 
database, then the personal certificate is judged to be unjustifiable. Li one 
embodiment, at least one of the identifier and digital watermark are changed each 
time the system justifies the personal certificate. 

According to m embodiment of the invention, there is pro^dded a 
justification autiienticating system con5)rising: a database for storing an identifier 
ofa personal certificate and di^alwatermark information related to said identifier, 
a personal certificate containing said identifier, said personal certificate also 
containing a readable authentic image in which a digital watermark relative to said 
identifier is embedded, a read means for reading at least said authentic image firom 
said personal certificate, a watermark information inquiring means for extracting 
digital watermark information corre^onding to said identifier firom said authentic 
image, and a watermark information con^aring means for jud^ng whether said 
digital watermark information extracted by said watermark information inquiring 
means fi-om said personal certificate is identical to said watermark mformation 
stored in said database, if said watermark inquiring means finds identical 
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watermark infonmtion in said watermark information from said authentic image 
and said database, said watermark inquiring means justifies said personal 
certificate, and if the watermark information firom the two sources are not 
identical, then the watermark inquiring means fails to justify said personal 
certificate. 

According to a feature of the iavention, there is provided a personal 
certificate issuing system con[5)rising: anidentifiergeneratingmeansfor generating 
an identifier unique to a personal certificate, a watermark information generating 
means for generating digital watermark information correj^onding to said 
identifier, a database for storing said identifier of said personal certiBcate and said 
digital watermark information relative to said identifier in relation to each other, 
a watermark information registering means for storing said identifier generated by 
said identifier generating means and said digital watermark information generated 
by said watermark information generating means in said database, an image input 
means for inputting a raw authentic image, a watermark-embedded image fommg 
means for forming a watermark-embedded authentic inaage in which said digital 
watermark is embedded on said authentic image input by said image input means, 
and a personal certificate that readably carries said authentic image generated by 
said watermark-embedded image forming means and said identifier generated by 
said identifier generating means. 

According to a fiuther feature of the invention, there is provided a personal 
certificate con^rising: a unique identifier, an authentic image of an authorized 
user of said personal certificate, said authentic image being viewable by eye, said 
authentic inaage containing embedded therein digital watermark information 
corresponding to said identifier, and means for permitting communication of said 
identifier and said digital watermark information to a database remote fi*om said 
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According to a first aspect of the present invention, digital watermari: 
information embedded in an authentic image is stored not only on the authentic 
image of a personal certificate but also on a database, and therefore only justifiable 
use is permitted following a con:5)arison of the digital watermark information 
stored in the database and the digital watermark information extracted fi'om the 
personal certificate. 

For exRmph, since the database itself is not modified even if digital 
watermark information is embedded expertly in the fecial photograph of a personal 
certificate stolen by the offender B, the con^parison with the database fails, and the 
iEegality of the offender B is exposed. That is, compared with a case in which 
security depends only on the authentic hnage of the personal certificate, security 
can be greatly improved. 

According to a second aspect of the present invention, in addition to the 
first aspect of the invention, the digital watermark stored in the htformation carrier 
can be read as digital data, and therefore the digital watermark information can be 
accurately compared 

According to a third aspect of the present invention, in addition to the first 
aspect of the invention, the information carrier is a semiconductor memory or a 
magnetic material, and therefore data can be stored without greatly mcrea^g the 
weight of the personal certificate. 

According to a fourth aspect of the present invention, in addition to the 
first aspect of the invention, the authentic image is printed on printed matter, and 
therefore the personal certificate is thinner and Ughter. 

According to a fifth aspect of the present invention, in addition to the first 
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aspect of the invention, random values are included in the digital watermark 
infonnation. Therefore, persons who attempt felsification or alteration cannot 
predict the random portion of the information. This increases the difficulty of 
felsification. 

According to a sixth aspect of the present kvention, m addition to the fest 
a^ect of the invention, the digital watermark information embedded in the fecial 
photograph information of the database and of the personal certificate is updated 
whenever necessary or desirable. Therefore, infellible measures can be taken 

against felsification. 

According to a seventh aspect of the present mvention, in addition to the 
first aspect of the invention, the database is located at a distance from the place 
where the personal certificate is used. The data is cormnunicated through a 
communication network. Thus, the digital watermark information does not leak 
out as long as access to the database is prevented. Therefore, the security of the 

system is improved. 

The above, and other objects, features and advantages of the present 
invention will become apparent from the following descrq)tion read in conjunction 
with the accoiE5)anying drawinigs, in which like reference numerals designate the 
same elements. 

BRIEF DESCRIPTION OF THE DRAWINGS 

Fig. 1 is a block dkgram of a ^stem according to a first embodinKnt of the 
present invention. 

Fig. 2 is a block diagram of a system according to a second embodhnent 
of the present invention. 
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Fig. 3 is a flowchart showmg an issuing process according to tie first 
embodiment of the present invention. 

Fig. 4 is a flowchart showing an authentication process of the present 
invention. 

Fig, 5 schematically shows the relationshq) among a personal certificate, 
an identifier, a digital watermark, and a database of the same. 

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS 

Embodiments of the present iavention are described hereinafl:er with 
reference to the accompanying drawings. First, prior to the description of each 
embodiment, the relationship among an identifier, digital watermark information, 
and a database according to the present invention is roughly described with 
reference to Fig. 5. A case where the photographic image of a fece is used as an 
authentic image is primarily described below. 

As shown in Fig. 5, a personal certificate 5 includes an identifier 1 and an 
authentic image 4. There is a one-to-one relationship between the identifier 1 and 
digital watermark infonnation 2 which are stored in a database 3. In this exanq)le, 
for purposes of description, and not as a limitation, the identifier 1 is "123", and 
the digital watermark information 2 is "hogehoge", 

(Embodiment 1) 

Referring to Fig. 1, a system according to the first embodiment of the 
present invention en^loys a personal certificate 10 shown at the upper lefl; of Fig. 
1. The personal certificate 10 is one that has been issued, and is used for 
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autheEttticatioiL Apersonal certificate 20 stown at the upper light ofFig, 1 is being 
prepared for issue, but has not yet been completed for issue. 

The coi^pleted and issued personal certificate 10 has a display part 12 in 
which a photograph of a fece or the like is displayed, a memory 13 as an 
information carrier, and an identifier ll(in this embodiment, "123"). 

The personal certificate lOfintherhasaninput-outputport 14 to access the 
memory 13. Ifthe capacity is large enough to store m image, a magnetic material, 
such as a magnetic strip, may be used as an information carrier instead of the 
memory 13. 

An authentic image in which digital watermark information is embedded, 
is stored in the memory 13. The authentic image can be di^layed on the display 
part 12 if necessary. The display part 12 may be, for exan^le, an LCD. 

Likewise, the personal certificate 20 being prepared for issue includes an 
idratifier 21 {herein "234"), a display part 22, a memory 23, and an input-output 
port 24. The personal certificate is constructed in this way. 

Next, a system of this embodiment is described. For convenience of 
explanation, this system is a combination of a justification authenticating system 
and a personal certificate issuing system. However, the authenticating system and 
the issuing system can be separately constructed. 

A read means 30 is connected to the input-output port 14. The connection 
of the read means 30 may be a wired or wireless connection. The read means 30 
reads the authentic image that is stored in the memory 13 and in which digital 
watermark information is embedded. 

A write means 3 1 is connected to the input-output port 24. The connection 
of the write means 3 1 may be a wired or wireless connection. The write means 3 1 
writes into the memory 23 fecial photograph information in which digital 
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watermark information is embedded. 

An input means 32 accepts information input needed when a personal 
certificate is authenticated or issued. A digital camera 33 photographs the face of 
an owner, and outputs an authentic image (digital). A control means 34 controls 
the above, and other elements, and judges the verification of the personal 
certificate. 

A watermark mformation extracting means 35 extracts only the digital 
watermark information firom the authentic image read by the read msms 30, and 
returns the digital watermark information to the control means 34. 

A watermark information corxspmng means 36 corcqpares the watermark 
information obtained fi-om the database 3 with the watermark information 
extracted by the watermark information extracting means 35, and returns a 
judgment to the control means 34 on whether or not the two sources of 
watermark information are identical 

As described later, a watermark-embedded image forming means 37 
embeds generated watermark information obtained firom a server 42 side mto the 
authentic image photographed by the digital camera 33, and forms an authentic 
image in which a digital watermark is embedded. 

A watermark information registering means 38 requests the server 42 to 
register an identifier and a digital watermark corresponding to the identifier on the 
database 3. Awatermarkinformationinquiringmeans39 sends the identifier to the 
database 3 through the server 42, and requests watermark information relative to 
the identifier. A communication means 40 communicates with the server 42 
through a communication network 41. 

The server 42 is connected to an identifier generating means 43 and a 
watermark mformation generating means 44, The identifier generating means 43 
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accesses the database 3, aad generates a xmique identifier that has not yet been 
assigned. The watermark information generating means 44 forms watermark 
information corresponding to the identifier. 

The watermark information is preferably determined arbitrarily. 
Preferably, the watermark mformation is based on a random number generator 
(pseudo-random number generator). With watermark information generated 
according to random numbers, persons (offenders or their group) who attempt 
falsification, cannot predict the information in a new watermark based on 
knowledge of preceding watermarks. This provides an additional level of security 
for the system. Typically, the watermark information is recorded on the database 
3 as text data, and is embedded mto the authentic unage as a digital watermark. 

Although the authentic image is obtained by photography using the digital 
camera 33 in the example of Fig. 1, the authentic image may be input by any 
convenient input device such as, for example, reading in printed matter with an 
image scanner or the like. If a fingerprint image or a pupil image, instead of a fece 
image, is eEG5)loyed as the authentic image, an mput means suitable for such an 
image is used, as a matter of course. 

The identifier generating means 43 and the watennark information 
generating means 44 maybe disposed on the controlmeans 34 side (i.e., the chent 
side when seen firom the server 42), instead of on the server 42 side, 

(Embodiment 2) 

Next, a system according to a second embodiment of the present invention 
is described with reference to Fig, 2. In this system, a personal certificate does not 
include a memory as an information carrier. This embodiment differs fi-om that of 
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Fig. 1 in the followfaig respect 

Although an identifier 51 (herem "123") is displayed on a personal 
certificate 50 for authentication, an information carrier is onritted. Accordingly, 
an input-output port is not required. Instead of a memory and input-output port, 
a printed fecial photograph 52 is pasted on the personal certificate 50. The printed 
fecial photograph 52 is input through an unage scanner 70. 

Likewise, although an identifier 61 (herein "234") is displayed on a personal 
certificate 60 for issue, a memory and an input-output port are also omitted. 
Instead, a pasting area for a facial photograph 62 is available for pasting therein. 
Digital watermark information is embedded in the fecialphotograph 62. The facial 
photograph 62, together with the digital watermark information is printed on the 
personal certificate 60 by a printer 71 . The resulting fecialphotograph 62 is pasted 
on the pasting area of the personal certificate 60. The remaining aspects of the 
system are identical to the structure of Fig, 1. 

(Processing) 

Next, the flow of a process for issuing the personal certificate is described 
hereinafter with reference to Fig. 3. In the second embodiment, the technique of 
the reading/writuig of the authentic image merely differs in the processing itself, 
and therefore the first embodiment is primarily described. 

First, the operator of tiiis system or the owner of the personal certificate 
inputs necessary personal information to the systemusing the input means 32 (step 
1). Thereafter, at step 2, the owner's face, corneal pattern, fingerprint, or other 
identifying pattern, is photographed with the digital camera 33, scanner, or other 
device, to acquire an autiientic image. 
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At stq) 3, the control means 34 coimects to the server 42 through the 
conmumication network 41 using the communication means 40. 

Thereafter, at step 4, the control means 34 requests the server 42 to 
generate an identifier and v^atermark information corresponding to this identifier 
through the communication means 40, 

In response to this, the identifier generating means 43 on the server 42 side 
accesses the database 3, and generates a new identifier that has not yet been 
assigned. The watermark hiformation generating means 44 generates watermark 
information corresp onding to this new identifier. The identifier and the watermark 
information are transmitted to the control means 34 (step 5), 

The control means 34 receives them, and requests the watermark 
information registering means 38 to register the received identifier and watermark 
information on the database 3 (step 6). In response to this demand, the server 42 
stores the hiformation in the database 3. Thereafter notification is transmitted to 
the control means 34 that the registration has been completed (step 7). 

Upon receiving this notification, the control means 34 releases the 
connection with the server 42 (step 8), and gives the received watermark 
information and the authentic hnage obtained from the digital camera 33 to the 
watermark-embedded hnage formmg means 37, and thereby a watermark- 
embedded hnage is formed (step 9). 

At step 10, the watermark-embedded hnage formed as described above is 
transmitted to the write means 31. The write means 31 writes this image mto the 
memory 23 through the mput-output port 24, and the authentic hnage is displayed 
on the display part 22 when necessary. This con5)letes the issiung process. 

Next, the authentication process is described with reference to Fig. 4. The 
personal certificate 10 that has been issued is mserted into the read means 30. 
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First, the read means 30 reads an identifier 11 (herein "123") from the personal 
certificate 1 0 (step 20). The identifier may be input by any convaiiettt device such 
as, for exan^le, with the input means 32. 

Thereafter, at step 21, the read means 30 reads the authentic image that is 
stored m the memory 13 and in which digital watermark information is surely 
embedded, through the input-output port 14. 

Thereafter, at step 22, ibs control means 34 transmits the obtamed 
authentic image to tie watermark mformation extracting means 35, and causes the 
extracting means 35 to extract watermark mformation from the authentic hnage. 
If this extraction feils (step 23), the control means 34 judges that the personal 
certificate 10 is unjustifiable (step 24), and termmates the processing. 

On the other hand, if the extraction ofthe watermark information succeeds, 
the control means 34 connects to the server 42 through the communication means 
40 (step 25). 

The control means 34 transanits the identifier 11 that has been read fromthe 
personal certificate to the watermark mformation mquiting means 39, and causes 
the inquiring means 39 to acquire the watermark information corresponding to the 
identifier 11 (step 26). 

When receiving this inquiry, the server 42 retrieves the watermark 
information correspondmg to the identifier in the database 3. If the watermark 
information is not found, the server 42 sends a message that the corres^ionding 
information is not found. If the watermark mformation is found, the server 42 
returns the found watermark information to the control means 34 (step 27). 

When the control means 34 receives the information fr omthe server 42, the 
control means 34 releases the connection (step 28). If the control means 34 
receives the message that the watermark information is not found (step 29), it is 
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judged that the personal certificate 10 is ^justifiable (step 24), and the processing 
is terminated. 

On the other hand, vAim recei\dng the watermark infonnation, the control 
means 34 transmits the watermark information extracted by the watermark 
information extracting means 35 and the watermark information received fi*om the 
server 42 at this time to the watermark information comparing means 36 for a 
conq)arison. If the watermark information fi^om the two sources are foxmd to be 
non-identical in the con^arison made by the watermark information conq)aring 
means 36, the control means 34 determines that the personal certificate 10 is 
unjustifiable (step 24), and terminates the processing. 

On the other hand, if the watermark information firom the two sources are 
found to be identical in the conq)arison, the control means 34 determines that the 
personal certificate 10 is justifiable (step 31), and conq>letes the proces^g. 

Preferably, when the watermarkis judged to be justifiable, the sameprocess 

as the main part of Fig. 3 is carried out once again at step 32, and the watermark 
information corresponding to this identifier is updated (step 32), As a matter of 
course, the update means updates both the digital watermark embedded in the 
authentic image of the personal certificate 10 and the digital watermark in the 
database 3 (note that these digital watermarks are caused to be identical). If so, 
the digital watermark is updated whenever the authentication process succeeds. 
This adds an additional defense against felsification or forgery. 

As described above, in the present invention, the digital watermark 
embedded in the authentic image of the personal certificate does not depend only 
on proofby authentication equipment. Instead, it con[q>ares the digital watermark 
stored in the database remote fi-om the personal certificate or the authentication 
equipment with the digital watermark with the digital watennark on the personal 
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certificate. Therefore, a preventive system againsi Msification or against other 
unjustifiable use is constructed. 

Having described preferred embodiments of the invention with reference 
to the accompanying drawings, it is to be imderstood that the invention is not 
Kmited to those precise embodiments, and that various changes and modifications 
may be eflfected therein by one skilled in the art without departing fi-om the scope 
or spirit of the mvention as defined in the appended claims. 



